CVE-2023-52970: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0....
CVSS Score: 4.9 (CVSS 3.1)
Basic Information
CVE ID:
GHSA ID:
EPSS Score: 0.2886%
CWE:
Published: 3/9/2025
Updated: 3/9/2025
KEV Status: No
Technology: -
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The primary evidence comes from the Jira issue MDEV-32086, which is directly linked to CVE-2023-52970. The Jira issue includes a stack trace from the crash, explicitly naming 'Item_direct_view_ref::derived_field_transformer_for_where' as the point of failure. The vulnerability description also mentions this function. The MariaDB release notes confirm the fix for MDEV-32086. Although direct commit information is not available through the tools, the Jira issue provides strong evidence for the vulnerable function.